<?php
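if(!isset($_SESSION))
{
	session_start();
}
// Buffer output so the header() redirects below can still be sent.
ob_start();
// Login form handler: runs only when the submit button field is present.
if(isset($_REQUEST['btnLogin'])){
	include 'connection/connection.php';
	// NOTE(review): $_REQUEST also accepts query-string and cookie values, so
	// credentials sent by GET would end up in URLs and access logs. Switch to
	// $_POST once the login form is confirmed to submit with method="post".
	// Non-string values (e.g. txtName[]=x) are treated as missing.
	$username = (isset($_REQUEST['txtName']) && is_string($_REQUEST['txtName'])) ? $_REQUEST['txtName'] : '';
	$password = (isset($_REQUEST['txtPass']) && is_string($_REQUEST['txtPass'])) ? $_REQUEST['txtPass'] : '';
	$vaction = isset($_REQUEST['vaction']) ? $_REQUEST['vaction'] : null;
	// The original condition was `$password=""`, an assignment that always
	// evaluated to false and wiped $password, so an empty password was never
	// rejected here. Compare strictly instead.
	if ($username === '' || $password === ''){
		$errorMessage = "Fill up all fields.";
		$_SESSION['error']="Fill up all fields.";
		header( 'Location: index.php' );
		// Stop here so nothing after the redirect runs for a rejected request.
		exit;
	}else {
		echo authenticate($username, $password, $vaction);
	}
}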
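/**
 * Checks the submitted credentials against the `caruser` table and, on a
 * match, stores the user in the session and redirects by role.
 *
 * On failure (bad credentials, non-string input, no usable connection, or a
 * failed query) it sets $_SESSION['error'] to an empty string and redirects
 * to index.php.
 *
 * NOTE(review): the query compares szPasswd with the submitted value directly,
 * which suggests passwords are stored unhashed (unless they are hashed before
 * this call; not visible here). Moving to password_hash()/password_verify()
 * needs a data migration outside this function.
 *
 * @param string $username Submitted user name (untrusted).
 * @param string $password Submitted password (untrusted).
 * @param mixed  $vaction  Submitted action value, stored as-is in the session.
 * @return void The function produces no value; it redirects and exits, or
 *              returns nothing when the role is neither 'Admin' nor 'User'.
 */
function  authenticate($username, $password,$vaction){
	// $connection is not a parameter, so it has to be pulled from global
	// scope; the original read an undefined local here.
	// presumably set by connection/connection.php (verify).
	global $connection;

	$row = false;
	if (is_resource($connection) && is_string($username) && is_string($password)) {
		// Escape both values before they are placed in the SQL string; the
		// original interpolated raw request data (SQL injection).
		// NOTE(review): escaping is only reliable when the connection charset
		// was set with mysql_set_charset(); prepared statements (mysqli/PDO)
		// are the durable fix but require changing the connection code.
		$safeUser = mysql_real_escape_string($username, $connection);
		$safePass = mysql_real_escape_string($password, $connection);
		$query = mysql_query("SELECT cs.* FROM `caruser` cs WHERE cs.szUser ='$safeUser' AND cs.szPasswd='$safePass';",$connection);
		if ($query !== false) {
			// Only the first matching row is used.
			$row = mysql_fetch_array($query);
		}
	}

	if ($row === false || $row === null) {
		// Fail closed: same empty error value and redirect as the original.
		$_SESSION['error']="";
		header( 'Location: index.php' );
		exit;
	}

	// Issue a fresh session id at the privilege change so a pre-login id
	// cannot be reused after authentication (session fixation).
	session_regenerate_id(true);
	$_SESSION['iduser'] =  $row['iUser'];
	$_SESSION['usname'] =  $row['szUser'];
	$_SESSION['role'] = $row['szPower'];
	// Stored unvalidated; escape it wherever it is later output.
	$_SESSION['activeaction']=$vaction;

	// The key is quoted now; the original used the bare constant szPower.
	if($row['szPower']=='Admin'){
		header('Location: admin/content-after-login.php');
		exit;
	}else if ($row['szPower']=='User'){
		header('Location: user/content-after-login.php');
		exit;
	}
	// Any other role: session is populated but no redirect is issued,
	// as in the original.
}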
// Send whatever has been buffered since ob_start() to the client.
ob_flush(); 
?>
